This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark crash after 2 days

0

Hey,

I've got an effect with a Wireshark crash. After two days Wireshark crashes with the error: "This application has requested the Runtim to terminate it in an unusual way. Please contacs the application's support team". The problem signature looks like this: Problem signature: Problem Event Name: APPCRASH Application Name: wireshark.exe Application Version: 1.6.5.40429 Application Timestamp: 4f0c8ce1 Fault Module Name: libglib-2.0-0.dll Fault Module Version: 2.26.1.0 Fault Module Timestamp: 4d1b271d Exception Code: 40000015 Exception Offset: 000000000005180e OS Version: 6.1.7600.2.0.0.256.4 Locale ID: 3079 Additional Information 1: 15f2 Additional Information 2: 15f24de02058d998dac1fee4b72e43a7 Additional Information 3: 0687 Additional Information 4: 068767e66177b09845c5e81d040d310b

Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline: C:Windowssystem32en-USerofflps.txt

Can somebody say if there is a bug in Wireshark? Or is there something which has to be reconfigured?

Thank you!

asked 20 Feb '12, 01:05

dranigl's gravatar image

dranigl
14668
accept rate: 0%

2 Answers:

1

Assuming you were capturing, for long term captures it's recommended to use dumpcap from a console window. The cause is that Wireshark needs to maintain state information, which only build up over time, eventually exhausting all memory. Running dumpcap with the multiple capture files options is to way to approach these long term captures, since dumpcap is stateless with respect to the packet contents.

answered 20 Feb '12, 02:51

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

See also: http://wiki.wireshark.org/KnownBugs/OutOfMemory

(20 Feb '12, 03:01) SYN-bit ♦♦

1

Was Wireshark capturing for the two days it was running? If so, it's possible that it simply ran out of memory. see the Wiki Out of Memory page for more info.

The exception code is a STATUS_FATAL_APP_EXIT from the c run-time library when abort is called. The faulting module is shown as libglib, and there are a number of places where abort is called in there. If you still have the capture file, and it isn't too big and you can share it, making it available on somewhere such as CloudShark might allow folks to dig into the crash a little.

answered 20 Feb '12, 03:51

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%